[ 52.694939][ T945] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.716243][ T945] device veth1_macvtap left promiscuous mode
[ 52.723809][ T945] device veth0_macvtap left promiscuous mode
[ 52.730549][ T945] device veth1_vlan left promiscuous mode
[ 52.736412][ T945] device veth0_vlan left promiscuous mode
[ 52.851477][ T945] team0 (unregistering): Port device team_slave_1 removed
[ 52.865631][ T945] team0 (unregistering): Port device team_slave_0 removed
[ 52.876773][ T945] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 52.891242][ T945] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 52.937744][ T945] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.10.40' (ECDSA) to the list of known hosts.
2022/07/09 22:14:42 parsed 1 programs
2022/07/09 22:14:42 executed programs: 0
[ 66.903389][ T4054] cgroup: Unknown subsys name 'net'
[ 66.912565][ T4054] cgroup: Unknown subsys name 'rlimit'
[ 68.034124][ T3605] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 68.042473][ T3605] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 68.050759][ T3605] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 68.059427][ T3605] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 68.067262][ T3605] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 68.075268][ T3605] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 68.143316][ T4061] chnl_net:caif_netlink_parms(): no params data found
[ 68.178653][ T4061] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.185957][ T4061] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.194311][ T4061] device bridge_slave_0 entered promiscuous mode
[ 68.202281][ T4061] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.209847][ T4061] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.217649][ T4061] device bridge_slave_1 entered promiscuous mode
[ 68.237163][ T4061] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 68.249003][ T4061] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 68.269780][ T4061] team0: Port device team_slave_0 added
[ 68.276892][ T4061] team0: Port device team_slave_1 added
[ 68.293902][ T4061] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 68.301039][ T4061] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 68.327286][ T4061] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 68.340131][ T4061] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 68.347072][ T4061] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 68.373030][ T4061] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 68.396718][ T4061] device hsr_slave_0 entered promiscuous mode
[ 68.403606][ T4061] device hsr_slave_1 entered promiscuous mode
[ 68.456320][ T4061] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.463422][ T4061] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.470764][ T4061] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.477836][ T4061] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.511321][ T4061] 8021q: adding VLAN 0 to HW filter on device bond0
[ 68.524040][ T3612] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 68.532088][ T3612] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.540554][ T3612] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.549041][ T3612] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 68.561229][ T4061] 8021q: adding VLAN 0 to HW filter on device team0
[ 68.571628][ T2931] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 68.580759][ T2931] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.587846][ T2931] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.597984][ T143] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 68.606492][ T143] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.613575][ T143] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.630466][ T3612] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 68.644388][ T3612] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 68.652707][ T3612] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 68.661427][ T3612] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 68.673185][ T4061] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 68.687417][ T4061] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 68.696697][ T2931] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 68.713970][ T2931] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 68.722009][ T2931] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 68.734130][ T4061] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 69.020059][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 69.029960][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 69.039672][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 69.047307][ T3621] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 69.057102][ T4061] device veth0_vlan entered promiscuous mode
[ 69.067989][ T4061] device veth1_vlan entered promiscuous mode
[ 69.083671][ T4061] device veth0_macvtap entered promiscuous mode
[ 69.092248][ T143] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 69.100380][ T143] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 69.108257][ T143] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 69.116920][ T143] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 69.127241][ T4061] device veth1_macvtap entered promiscuous mode
[ 69.143176][ T4061] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 69.150558][ T2931] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 69.160209][ T2931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 69.171464][ T4061] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 69.180064][ T2931] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 69.189023][ T2931] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 69.238855][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.246800][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.261414][ T143] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 69.273933][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.281996][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.291274][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 69.317108][ T4083] ==================================================================
[ 69.325180][ T4083] BUG: KASAN: use-after-free in mprotect_fixup+0x711/0x780
[ 69.332355][ T4083] Read of size 8 at addr ffff88802499a630 by task syz-executor.0/4083
[ 69.340476][ T4083]
[ 69.342776][ T4083] CPU: 1 PID: 4083 Comm: syz-executor.0 Not tainted 5.19.0-rc4-syzkaller #0
[ 69.351414][ T4083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[ 69.361446][ T4083] Call Trace:
[ 69.364705][ T4083]
[ 69.367617][ T4083] dump_stack_lvl+0x57/0x7d
[ 69.372098][ T4083] print_address_description.constprop.0.cold+0xeb/0x495
[ 69.379176][ T4083] ? mprotect_fixup+0x711/0x780
[ 69.383998][ T4083] kasan_report.cold+0xf4/0x1c6
[ 69.388817][ T4083] ? mprotect_fixup+0x711/0x780
[ 69.393638][ T4083] mprotect_fixup+0x711/0x780
[ 69.398287][ T4083] ? change_protection+0x2930/0x2930
[ 69.403557][ T4083] do_mprotect_pkey+0x406/0x7e0
[ 69.408411][ T4083] ? mprotect_fixup+0x780/0x780
[ 69.413235][ T4083] ? lock_downgrade+0x6e0/0x6e0
[ 69.418073][ T4083] __x64_sys_pkey_mprotect+0x8e/0xf0
[ 69.423336][ T4083] ? syscall_enter_from_user_mode+0x21/0x70
[ 69.429201][ T4083] do_syscall_64+0x35/0xb0
[ 69.433592][ T4083] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 69.440235][ T4083] RIP: 0033:0x7fa344089109
[ 69.444624][ T4083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 69.464199][ T4083] RSP: 002b:00007fa3451b7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000149
[ 69.472599][ T4083] RAX: ffffffffffffffda RBX: 00007fa34419bf60 RCX: 00007fa344089109
[ 69.480540][ T4083] RDX: 0000000000000000 RSI: 0000000000003000 RDI: 0000000020ffd000
[ 69.488582][ T4083] RBP: 00007fa3451b71d0 R08: 0000000000000000 R09: 0000000000000000
[ 69.496523][ T4083] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001
[ 69.504473][ T4083] R13: 00007ffc1794e7df R14: 00007fa3451b7300 R15: 0000000000022000
[ 69.512429][ T4083]
[ 69.515427][ T4083]
[ 69.517732][ T4083] Allocated by task 4083:
[ 69.522030][ T4083] kasan_save_stack+0x1e/0x40
[ 69.526684][ T4083] __kasan_slab_alloc+0x90/0xc0
[ 69.531522][ T4083] kmem_cache_alloc+0x204/0x3b0
[ 69.536342][ T4083] vm_area_dup+0x83/0x380
[ 69.540641][ T4083] __split_vma+0x88/0x480
[ 69.544957][ T4083] mprotect_fixup+0x54b/0x780
[ 69.549601][ T4083] do_mprotect_pkey+0x406/0x7e0
[ 69.554465][ T4083] __x64_sys_pkey_mprotect+0x8e/0xf0
[ 69.559720][ T4083] do_syscall_64+0x35/0xb0
[ 69.564191][ T4083] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 69.570227][ T4083]
[ 69.572526][ T4083] Freed by task 4083:
[ 69.576477][ T4083] kasan_save_stack+0x1e/0x40
[ 69.581133][ T4083] kasan_set_track+0x21/0x30
[ 69.585714][ T4083] kasan_set_free_info+0x20/0x30
[ 69.590619][ T4083] ____kasan_slab_free+0x166/0x1a0
[ 69.595699][ T4083] slab_free_freelist_hook+0x8b/0x1c0
[ 69.601037][ T4083] kmem_cache_free+0xdd/0x5a0
[ 69.605682][ T4083] __vma_adjust+0x845/0x2630
[ 69.610241][ T4083] vma_merge+0xa8d/0x12f0
[ 69.614537][ T4083] mprotect_fixup+0x2cc/0x780
[ 69.619181][ T4083] do_mprotect_pkey+0x406/0x7e0
[ 69.624001][ T4083] __x64_sys_pkey_mprotect+0x8e/0xf0
[ 69.629338][ T4083] do_syscall_64+0x35/0xb0
[ 69.633726][ T4083] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 69.639585][ T4083]
[ 69.641883][ T4083] The buggy address belongs to the object at ffff88802499a630
[ 69.641883][ T4083] which belongs to the cache vm_area_struct of size 200
[ 69.656253][ T4083] The buggy address is located 0 bytes inside of
[ 69.656253][ T4083] 200-byte region [ffff88802499a630, ffff88802499a6f8)
[ 69.669323][ T4083]
[ 69.671643][ T4083] The buggy address belongs to the physical page:
[ 69.678041][ T4083] page:ffffea0000926680 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2499a
[ 69.688337][ T4083] memcg:ffff8880206be301
[ 69.692551][ T4083] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 69.700167][ T4083] raw: 00fff00000000200 ffffea0000968e80 dead000000000005 ffff888140006b40
[ 69.708726][ T4083] raw: 0000000000000000 00000000800f000f 00000001ffffffff ffff8880206be301
[ 69.717361][ T4083] page dumped because: kasan: bad access detected
[ 69.723745][ T4083] page_owner tracks the page as allocated
[ 69.729433][ T4083] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 3814, tgid 3814 (dhcpcd-run-hook), ts 55127326908, free_ts 55115182052
[ 69.747976][ T4083] get_page_from_freelist+0x19d2/0x3b30
[ 69.753772][ T4083] __alloc_pages+0x1c7/0x510
[ 69.758331][ T4083] allocate_slab+0x26c/0x3c0
[ 69.762890][ T4083] ___slab_alloc+0x9bc/0xe10
[ 69.767559][ T4083] __slab_alloc.constprop.0+0x4d/0xa0
[ 69.772910][ T4083] kmem_cache_alloc+0x360/0x3b0
[ 69.777729][ T4083] vm_area_dup+0x83/0x380
[ 69.782032][ T4083] dup_mm+0x56a/0x11d0
[ 69.786072][ T4083] copy_process+0x349a/0x6690
[ 69.790714][ T4083] kernel_clone+0xb8/0x7f0
[ 69.795107][ T4083] __do_sys_clone+0xa1/0xe0
[ 69.799588][ T4083] do_syscall_64+0x35/0xb0
[ 69.803975][ T4083] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 69.809839][ T4083] page last free stack trace:
[ 69.814482][ T4083] free_pcp_prepare+0x549/0xd20
[ 69.819406][ T4083] free_unref_page+0x19/0x6a0
[ 69.824049][ T4083] __unfreeze_partials+0x17c/0x1a0
[ 69.829130][ T4083] qlist_free_all+0x6a/0x170
[ 69.833685][ T4083] kasan_quarantine_reduce+0x180/0x200
[ 69.839113][ T4083] __kasan_slab_alloc+0xa2/0xc0
[ 69.843942][ T4083] kmem_cache_alloc+0x204/0x3b0
[ 69.848761][ T4083] getname_flags.part.0+0x4a/0x440
[ 69.853859][ T4083] do_sys_openat2+0xd2/0x3f0
[ 69.858425][ T4083] __x64_sys_openat+0x11b/0x1d0
[ 69.863248][ T4083] do_syscall_64+0x35/0xb0
[ 69.867634][ T4083] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 69.873497][ T4083]
[ 69.875801][ T4083] Memory state around the buggy address:
[ 69.881400][ T4083] ffff88802499a500: fc fc fc fc fc fb fb fb fb fb fb fb fb fb fb fb
[ 69.889430][ T4083] ffff88802499a580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 69.897464][ T4083] >ffff88802499a600: fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb fb
[ 69.905502][ T4083] ^
[ 69.911113][ T4083] ffff88802499a680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 69.919227][ T4083] ffff88802499a700: fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 00
[ 69.927262][ T4083] ==================================================================
[ 69.937689][ T4083] Kernel panic - not syncing: panic_on_warn set ...
[ 69.944301][ T4083] CPU: 0 PID: 4083 Comm: syz-executor.0 Not tainted 5.19.0-rc4-syzkaller #0
[ 69.953117][ T4083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[ 69.963578][ T4083] Call Trace:
[ 69.966832][ T4083]
[ 69.969741][ T4083] dump_stack_lvl+0x57/0x7d
[ 69.974317][ T4083] panic+0x227/0x466
[ 69.978361][ T4083] ? panic_print_sys_info.part.0+0x69/0x69
[ 69.984231][ T4083] ? preempt_schedule_common+0x59/0xc0
[ 69.989664][ T4083] ? mprotect_fixup+0x711/0x780
[ 69.994487][ T4083] ? preempt_schedule_thunk+0x16/0x18
[ 69.999831][ T4083] ? mprotect_fixup+0x711/0x780
[ 70.004662][ T4083] end_report.part.0+0x3f/0x7c
[ 70.009399][ T4083] kasan_report.cold+0x93/0x1c6
[ 70.014230][ T4083] ? mprotect_fixup+0x711/0x780
[ 70.019046][ T4083] mprotect_fixup+0x711/0x780
[ 70.023693][ T4083] ? change_protection+0x2930/0x2930
[ 70.028951][ T4083] do_mprotect_pkey+0x406/0x7e0
[ 70.033770][ T4083] ? mprotect_fixup+0x780/0x780
[ 70.038783][ T4083] ? lock_downgrade+0x6e0/0x6e0
[ 70.044046][ T4083] __x64_sys_pkey_mprotect+0x8e/0xf0
[ 70.049310][ T4083] ? syscall_enter_from_user_mode+0x21/0x70
[ 70.055180][ T4083] do_syscall_64+0x35/0xb0
[ 70.059579][ T4083] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 70.065439][ T4083] RIP: 0033:0x7fa344089109
[ 70.069826][ T4083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 70.089401][ T4083] RSP: 002b:00007fa3451b7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000149
[ 70.097779][ T4083] RAX: ffffffffffffffda RBX: 00007fa34419bf60 RCX: 00007fa344089109
[ 70.105720][ T4083] RDX: 0000000000000000 RSI: 0000000000003000 RDI: 0000000020ffd000
[ 70.113660][ T4083] RBP: 00007fa3451b71d0 R08: 0000000000000000 R09: 0000000000000000
[ 70.121607][ T4083] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001
[ 70.129548][ T4083] R13: 00007ffc1794e7df R14: 00007fa3451b7300 R15: 0000000000022000
[ 70.137493][ T4083]
[ 70.140546][ T4083] Kernel Offset: disabled
[ 70.144848][ T4083] Rebooting in 86400 seconds..